Hello!,
So after some playing around since my isp does not have native ipv6, I decided to go with 6in4 and use route64.
so far this works, then I also tried adding ipv6 to my underlaying vpn server for wifi (wifivpn) and this works aswell this cascades to wgclient, but i was forced to use dhcpv6 on the mullvad instance since it appears to me either ipv6 is only accessible through shadowsocks or dhcpv6.
But now I have some difficulties how I can delegate the /128 given by mullvad to my other interfaces like pcnet for example, I don't think this is possible since it is a single ip but since I remember wireguard uses virtual ip, I think setting this to /68 or /48 is good?
I was also thinking of maybe using a ipv6 static route?, i do also use pbr.
as for now i'm able to get a ipv6-PD and tried to set this as prefix filter under pcnet I can see that I receive the ipv6 address but unable to ping.
here is my network config:
https://pastebin.com/raw/e0LCuZKW (edit: changed to raw)
firewall config click to expand
config defaults
option input 'DROP'
option output 'ACCEPT'
option forward 'REJECT'
option flow_offloading '1'
option flow_offloading_hw '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'lan'
config zone
option name 'wan'
option input 'DROP'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option masq6 '1'
list device '6in4-wan6'
list device 'eth1.300'
list masq_src 'fc00:bbbb:bbbb:bb01::a:xxx/128'
list network 'wan'
list network 'wan6'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option src 'wan'
option name 'allow-ipv6-incoming'
list proto 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option family 'ipv4'
option target 'ACCEPT'
list icmp_type 'echo-request'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
option enabled '0'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
option enabled '0'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wgclient'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
option enabled '0'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wgclient'
option proto 'icmp'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
list icmp_type 'bad-header'
list icmp_type 'destination-unreachable'
list icmp_type 'echo-reply'
list icmp_type 'echo-request'
list icmp_type 'neighbour-advertisement'
list icmp_type 'neighbour-solicitation'
list icmp_type 'packet-too-big'
list icmp_type 'router-advertisement'
list icmp_type 'router-solicitation'
list icmp_type 'time-exceeded'
list icmp_type 'unknown-header-type'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wgclient'
option dest '*'
option proto 'icmp'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
list icmp_type 'bad-header'
list icmp_type 'destination-unreachable'
list icmp_type 'echo-reply'
list icmp_type 'echo-request'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'unknown-header-type'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
option enabled '0'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
option enabled '0'
config rule
option name 'Allow-bypass-vpn-mark'
option src '*'
option dest 'wgclient'
option target 'REJECT'
option mark '0x10000/0xff0000'
list proto 'all'
config rule
option name 'Allow-yt-bypass-mark'
option src '*'
option dest 'wgclient'
option target 'ACCEPT'
option mark '0x30000/0xff0000'
list proto 'all'
config rule
option name 'Allow-bypass-vpn-mark'
option src '*'
option dest 'wan'
option target 'ACCEPT'
option mark '0x10000/0xff0000'
list src_ip '!10.245.245.0/24'
config rule
option name 'block-doh'
option src '*'
option dest 'wan'
list dest_ip '1.1.1.1'
list dest_ip '8.8.8.8'
list dest_ip '8.8.4.4'
option dest_port '443'
option target 'DROP'
config zone
option name 'pcnet'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'pcnet'
config zone
option name 'wlan0'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'wlan0'
config zone
option name 'wlan1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'wlan1'
config zone
option name 'tvnet'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'tvnet'
config zone
option name 'ps5'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'ps5'
config zone
option name 'aya'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'ayaneo'
config zone
option name 'aqara'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option masq6 '1'
list network 'aqaranet'
config zone
option name 'hwnet'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'hwnet'
config zone
option name 'wgclient'
option input 'DROP'
option output 'ACCEPT'
option forward 'REJECT'
option mtu_fix '1'
option masq6 '1'
option masq '1'
list network 'wgclient'
list network 'wgclient_yt'
list network 'wgclient2'
list network 'wgclient3'
config forwarding
option src 'tvnet'
option dest 'wan'
config forwarding
option src 'ps5'
option dest 'wgclient'
config forwarding
option src 'aya'
option dest 'wgclient'
config forwarding
option src 'hwnet'
option dest 'wan'
config zone
option name 'tvboxnet'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'tvboxnet'
config forwarding
option src 'tvboxnet'
option dest 'wan'
config rule
option name 'block-doh'
option src '*'
option dest 'wgclient'
list dest_ip '1.1.1.1'
list dest_ip '8.8.8.8'
list dest_ip '8.8.4.4'
option dest_port '443'
option target 'DROP'
config rule
option src '*'
option dest 'wan'
option dest_port '853'
option target 'REJECT'
option name 'block-dns-over-tls'
config rule
option name 'block-dns-over-tls'
option src '*'
option dest 'wgclient'
option dest_port '853'
option target 'REJECT'
config rule
option src 'wifivpn'
option dest 'lan'
option target 'ACCEPT'
option name 'management'
list proto 'all'
list dest_ip '10.234.53.3'
list dest_ip '10.234.53.10'
list dest_ip '10.234.53.20'
list dest_ip '10.234.53.25'
list dest_ip '10.234.53.15'
list dest_ip '10.234.53.27'
list dest_ip '10.234.53.31'
list dest_ip '10.234.53.122'
config zone
option name 'wgserver'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option masq '1'
option mtu_fix '1'
option masq6 '1'
list network 'wgserver'
list network 'wgserver_am'
config rule
option name 'allow-maintenance'
option src 'pcnet'
option target 'ACCEPT'
option dest 'lan'
list proto 'all'
list dest_ip '10.234.53.10'
list dest_ip '10.234.53.3'
list dest_ip '10.234.53.15'
list dest_ip '10.234.53.20'
list dest_ip '10.234.53.25'
list dest_ip '10.234.53.26'
list dest_ip '10.234.53.27'
list dest_ip '10.234.53.31'
list dest_ip '10.234.53.122'
config rule
option name 'wgserver-allow-vxlan'
option src 'wgserver'
option dest_port '4789'
option target 'ACCEPT'
list src_ip '10.6.7.2'
list src_ip '10.6.7.3'
config redirect
option target 'DNAT'
list proto 'udp'
option src 'wan'
option src_dport '4443'
option dest 'wgserver'
option dest_ip '10.6.7.1'
option name 'forward-wgserver'
option dest_port '4443'
config redirect
option dest 'lan'
option target 'DNAT'
option name 'forward-backup-vpn'
list proto 'udp'
option src 'wan'
option src_dport '4445'
option dest_ip '10.234.53.3'
option dest_port '4445'
config redirect
option dest 'lan'
option target 'DNAT'
option name 'forward-backup-vpn'
list proto 'udp'
option src 'wlan0'
option src_dport '4445'
option dest_ip '10.234.53.3'
option dest_port '4445'
option enabled '0'
config redirect
option dest 'wgserver'
option target 'DNAT'
option src 'pcnet'
option src_dport '4443'
option dest_port '4443'
option dest_ip '10.6.7.1'
list proto 'udp'
option name 'forward-wgserver'
config zone
option name 'wifivpn'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'wifivpn'
config forwarding
option src 'wifivpn'
option dest 'wgclient'
config redirect
option target 'DNAT'
option src 'lan'
option src_dport '4443'
option dest_port '4443'
option dest_ip '10.6.7.1'
option name 'allow-wgserver-to-lan'
option dest 'wgserver'
list proto 'udp'
config forwarding
option src 'lan'
option dest 'wgserver'
config rule
option name 'allow-mt3000'
list proto 'all'
option src 'pcnet'
option dest 'lan'
list dest_ip '10.234.53.21'
option target 'ACCEPT'
config forwarding
option src 'pcnet'
option dest 'wgclient'
config rule
option name 'allow-wifivpn'
option src 'wlan0'
option dest_port '51820'
option target 'ACCEPT'
list proto 'udp'
config rule
option name 'allow-wifivpn'
list proto 'udp'
option src 'wlan1'
option dest_port '51820'
option target 'ACCEPT'
config forwarding
option src 'wlan1'
option dest 'wifivpn'
config rule
option src 'wifivpn'
option dest 'ps5'
list dest_ip '10.56.2.2'
option target 'ACCEPT'
option name 'allow-remote-play-ps5-wifivpn'
config rule
option src 'wifivpn'
option target 'ACCEPT'
option name 'allow-mdns-chromecast'
list proto 'all'
list dest_ip '224.0.0.251'
config rule
option src 'pcnet'
option target 'ACCEPT'
option name 'allow-mdns-chromecast'
list proto 'all'
list dest_ip '224.0.0.251'
config rule
option src 'wifivpn'
option target 'ACCEPT'
option name 'allow-mdns-chromecast'
list dest_ip '244.0.0.251'
list proto 'udp'
option dest_port '5353'
config rule
list proto 'udp'
option src 'pcnet'
option dest_port '5353'
option target 'ACCEPT'
option name 'allow-mdns-chromecast'
list dest_ip '224.0.0.251'
config redirect
option dest 'ps5'
option target 'DNAT'
option name 'allow-ps5-wakeup'
option src 'wgserver'
option src_dport '987'
option dest_ip '10.56.2.2'
list proto 'tcp'
list proto 'udp'
config redirect
option dest 'ps5'
option target 'DNAT'
option name 'allow-psn'
list proto 'udp'
option src 'wgserver'
option src_dport '9295-9297'
option dest_ip '10.56.2.2'
config redirect
option dest 'ps5'
option target 'DNAT'
option name 'psn-remote'
option src 'wgserver'
option src_dport '9295-9308'
option dest_ip '10.56.2.2'
list proto 'tcp'
list proto 'udp'
config redirect
option target 'DNAT'
option name 'hijack-dns'
option src 'aqara'
option src_dport '53'
config redirect
option target 'DNAT'
option src 'aya'
option src_dport '53'
list src_mac '!8c:de:f9:xx:xx:xx'
config redirect
option target 'DNAT'
option src 'hwnet'
option src_dport '53'
config redirect
option target 'DNAT'
option src 'lan'
option src_dport '53'
config redirect
option target 'DNAT'
option src 'ps5'
option src_dport '53'
config redirect
option target 'DNAT'
option src 'tvboxnet'
option src_dport '53'
config redirect
option target 'DNAT'
option src 'tvnet'
option src_dport '53'
config redirect
option target 'DNAT'
option src 'wifivpn'
option src_dport '53'
option dest 'wgclient'
config redirect
option target 'DNAT'
option src 'pcnet'
option src_dport '53'
option dest_port '53'
config forwarding
option src 'wlan0'
option dest 'wifivpn'
config rule
option name 'allow-moonlight-wifivpn'
option src 'wifivpn'
option dest 'pcnet'
list dest_ip '10.34.79.2'
option target 'ACCEPT'
list proto 'tcp'
option dest_port '47984 47989 48010 47990'
config rule
option name 'allow-moonlight-wifivpn'
option src 'wifivpn'
option dest 'pcnet'
list dest_ip '10.34.79.2'
option target 'ACCEPT'
option dest_port '47998-48000 48002 48010 47990'
list proto 'udp'
config rule
option name 'allow-moonlight-wgserver'
option src 'wgserver'
option dest 'pcnet'
list dest_ip '10.34.79.2'
option target 'ACCEPT'
option dest_port '47998-48000 48002 48010 47990'
list proto 'udp'
list src_ip '10.6.7.2'
list src_ip '10.6.7.3'
config rule
option name 'allow-moonlight-tvnet'
option src 'tvnet'
option dest 'pcnet'
list dest_ip '10.34.79.2'
option target 'ACCEPT'
option dest_port '47998-48000 48002 48010 47990'
list proto 'udp'
config rule
option name 'allow-moonlight-wgserver'
option src 'wgserver'
option dest 'pcnet'
list dest_ip '10.34.79.2'
option target 'ACCEPT'
list proto 'tcp'
option dest_port '47984 47989 48010 47990'
list src_ip '10.6.7.2'
list src_ip '10.6.7.3'
config rule
option name 'allow-moonlight-tvnet'
option src 'tvnet'
option dest 'pcnet'
list dest_ip '10.34.79.2'
option target 'ACCEPT'
option dest_port '47984 47989 48010 47990'
list proto 'tcp'
list proto 'udp'
config zone
option name 'kvmnet'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'kvmnet'
config forwarding
option src 'kvmnet'
option dest 'wan'
config redirect
option dest 'ps5'
option target 'DNAT'
option name 'allow-ps5'
option src 'wgserver'
option src_dport '8572'
option dest_ip '10.56.2.2'
config forwarding
option src 'wifivpn'
option dest 'kvmnet'
config forwarding
option src 'pcnet'
option dest 'kvmnet'
config zone
option name 'proxmox'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'proxmox'
config forwarding
option src 'proxmox'
option dest 'wan'
config forwarding
option src 'wifivpn'
option dest 'proxmox'
config rule
option name 'allow-lancache'
option src '*'
option dest 'proxmox'
list dest_ip '10.244.244.5'
option target 'ACCEPT'
list proto 'tcp'
list proto 'udp'
option dest_port '53 443 80'
config forwarding
option src 'pcnet'
option dest 'proxmox'
config zone
option name 'proxmox_vpn'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'proxmox_vpn'
config forwarding
option src 'proxmox_vpn'
option dest 'wgclient'
config forwarding
option src 'pcnet'
option dest 'proxmox_vpn'
config forwarding
option src 'wifivpn'
option dest 'proxmox_vpn'
config rule
option src 'tvnet'
option dest 'proxmox_vpn'
list dest_ip '10.245.245.51'
option target 'ACCEPT'
option name 'allow-jellyfin-for-tvnet'
config rule
option name 'allow-wgserver-unrestricted-wgclient'
option src 'wgserver'
list src_ip '10.6.7.2'
list src_ip '10.6.7.3'
option dest 'wgclient'
option target 'ACCEPT'
config rule
option name 'allow-wgserver-unrestricted-promox'
option src 'wgserver'
list src_ip '10.6.7.2'
list src_ip '10.6.7.3'
option dest 'proxmox'
option target 'ACCEPT'
config rule
option name 'allow-wgserver-unrestricted-proxmox'
option src 'wgserver'
list src_ip '10.6.7.2'
list src_ip '10.6.7.3'
option dest 'proxmox_vpn'
option target 'ACCEPT'
config rule
option name 'allow-wgserver-unrestricted-proxmox'
option src 'wgserver'
list src_ip '10.6.7.2'
list src_ip '10.6.7.3'
option dest 'proxmox_vpn'
option target 'ACCEPT'
config rule
option name 'allow-wgserver-restricted'
option src 'wgserver'
list src_ip '10.6.7.4'
option dest 'proxmox_vpn'
list dest_ip '10.245.245.51'
list dest_ip '10.245.245.53'
option target 'ACCEPT'
config rule
option name 'allow-wgserver-restricted'
option src 'wgserver'
list src_ip '10.6.7.4'
option dest 'proxmox'
option target 'ACCEPT'
list dest_ip '10.244.244.63'
option dest_port '80'
config rule
option name 'allow-wgserver-restricted-tmdb-ipset'
option src 'wgserver'
option ipset 'tmdb'
option dest 'wgclient'
option dest_port '443'
option target 'ACCEPT'
list src_ip '10.6.7.4'
option family 'ipv4'
config ipset
option name 'tmdb'
option family 'ipv4'
list match 'dest_ip'
option counters '1'
config redirect
option dest 'wgclient'
option target 'DNAT'
option name 'force-vpn-tunnel'
option src 'proxmox_vpn'
option src_dport '53'
option dest_ip '10.64.0.1'
option src_ip '10.245.245.61'
config redirect
option target 'DNAT'
option name 'wgserver-hijack-dns'
option src 'wgserver'
option src_dport '53'
option dest_port '5342'
option ipset '!wgserver-local'
option enabled '0'
list proto 'tcp'
list proto 'udp'
config rule
option src 'wgserver'
option dest 'kvmnet'
option target 'ACCEPT'
list src_ip '10.6.7.2'
list src_ip '10.6.7.3'
option name 'allow-kvm-net-wgserver'
config rule
option src 'proxmox'
option dest 'kvmnet'
option name 'allow-kvm-update'
list src_ip '10.244.244.3'
option target 'ACCEPT'
list proto 'tcp'
list proto 'udp'
list proto 'icmp'
config redirect
option target 'DNAT'
option name 'hijack-wgclient-anti-mullvad'
option src 'wgclient'
option src_dport '53'
config zone
option name 'beta'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'beta'
config forwarding
option src 'beta'
option dest 'wan'
config zone
option name 'sma'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'sma'
config forwarding
option src 'wifivpn'
option dest 'sma'
config rule
option src 'tvnet'
option dest 'proxmox'
option name 'allow-filebrowser-tv'
list dest_ip '10.244.244.62'
option dest_port '80'
option target 'ACCEPT'
config rule
option src 'tvnet'
option dest 'proxmox'
option name 'allow-filebrowser-tv'
list dest_ip '10.244.244.62'
option dest_port '443'
option target 'ACCEPT'
config redirect
option dest 'pcnet'
option target 'DNAT'
option name 'wifivpn-parsec'
list proto 'udp'
option src 'wifivpn'
option src_dport '8000-8011'
option dest_ip '10.34.79.2'
option enabled '0'
config redirect
option dest 'pcnet'
option target 'DNAT'
option name 'wifivpn-parsec'
list proto 'udp'
option src 'tvnet'
option src_dport '8000-8011'
option dest_ip '10.34.79.2'
option enabled '0'
config redirect
option dest 'pcnet'
option target 'DNAT'
option name 'wifivpn-parsec'
list proto 'udp'
option src 'wgserver'
option src_dport '8000-8011'
option dest_ip '10.34.79.2'
option enabled '0'
config forwarding
option src 'wifivpn'
option dest 'aya'
config forwarding
option src 'wifivpn'
option dest 'lan'
config redirect
option dest 'proxmox'
option target 'DNAT'
option src 'wan'
option src_dport '2053'
option dest_ip '10.244.244.90'
option dest_port '2053'
option enabled '0'
config redirect
option dest 'proxmox'
option target 'DNAT'
option src 'wan'
option src_dport '443'
option dest_ip '10.244.244.90'
option dest_port '443'
option enabled '0'
config forwarding
option src 'wifivpn'
option dest 'pcnet'
config forwarding
option src 'aqara'
option dest 'wan'
config include 'pbr'
option fw4_compatible '1'
option type 'script'
option path '/usr/share/pbr/firewall.include'
config rule
option src 'proxmox'
option dest 'proxmox_vpn'
option name 'allow-proxmox-status'
list proto 'tcp'
list proto 'udp'
list proto 'icmp'
list src_ip '10.244.244.63'
option target 'ACCEPT'
config rule
option src 'proxmox'
option dest 'lan'
option name 'allow-proxmox-status'
list src_ip '10.244.244.63'
option target 'ACCEPT'
list proto 'tcp'
list proto 'udp'
list proto 'icmp'
config rule
option src 'proxmox'
option dest 'kvmnet'
option name 'allow-proxmox-status'
list src_ip '10.244.244.63'
option target 'ACCEPT'
list proto 'tcp'
list proto 'udp'
config rule
option src 'proxmox'
option dest 'pcnet'
option name 'allow-proxmox-status'
list src_ip '10.244.244.63'
option target 'ACCEPT'
list proto 'tcp'
list proto 'udp'
list proto 'icmp'
list dest_ip '10.34.79.2'
option dest_port '47990'
config rule
option src 'proxmox'
option dest 'sma'
option name 'allow-proxmox-status'
list src_ip '10.244.244.63'
option target 'ACCEPT'
list proto 'tcp'
list proto 'udp'
list proto 'icmp'
config rule
option src 'wifivpn'
option dest 'aqara'
list dest_ip '10.233.10.67'
option target 'ACCEPT'
option name 'allow-access-to-tplink-powerline'
config rule
option src 'proxmox'
option dest 'proxmox_vpn'
option name 'allow-ping-between-proxmox-zones'
list proto 'icmp'
option target 'ACCEPT'
config zone
option name 'iot'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'iot'
config forwarding
option src 'iot'
option dest 'wan'
config redirect
option dest 'wan'
option target 'DNAT'
option src 'iot'
option src_dport '53'
option dest_ip '9.9.9.9'
option dest_port '53'
option enabled '0'
config forwarding
option src 'wlan0'
option dest 'wgclient'
config rule
option src '*'
option dest 'proxmox_vpn'
list proto 'ipv6'
option target 'ACCEPT'
dhcp
config dnsmasq
option rebind_protection '0'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option localservice '0'
option ednspacket_max '1232'
option strictorder '1'
option localise_queries '1'
option dnsseccheckunsigned '0'
list addnmount '/var/run/pbr.dnsmasq'
option noresolv '1'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option force '1'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
option dns_service '0'
option dhcpv6 'server'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option leasefile '/tmp/odhcpd.leases'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
option piofolder '/tmp/odhcpd-piofolder'
option hostsdir '/tmp/hosts'
config dhcp 'pcnet'
option interface 'pcnet'
option start '2'
option limit '150'
option leasetime '12h'
option ra 'server'
option dhcpv6 'server'
option ra_default '1'
list ra_flags 'managed-config'
list ra_flags 'other-config'
option dns_service '0'
config dhcp 'wlan0'
option interface 'wlan0'
option start '2'
option limit '150'
option leasetime '12h'
option force '1'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
option dns_service '0'
config dhcp 'wlan1'
option interface 'wlan1'
option start '2'
option limit '150'
option leasetime '12h'
config dhcp 'tvnet'
option interface 'tvnet'
option start '2'
I think I'm almost there 
, theres probably alot of issues though in my stanza 
, I decided to use my ula and that worked for me to masquarade6 to wgclient.